Security Directory

B

Boll & Branch

bollandbranch.com

73

Boll & Branch is a premium e-commerce retailer specializing in luxury organic bedding, sheets, towels, and home textiles. The company emphasizes ethical sourcing, sustainability, and Fair Trade certification, targeting consumers who value high-quality, toxin-free organic cotton products. Their market position is that of a trusted, upscale brand in the organic bedding sector, with a direct-to-consumer business model leveraging Shopify's platform for online sales. Technically, the website is built on Shopify with modern frameworks and technologies such as React and Oxygen, ensuring fast performance, mobile responsiveness, and good SEO practices. The site includes comprehensive privacy and cookie policies with GDPR compliance and uses marketing and analytics tools like AB Tasty and OneTrust for consent management and user experience optimization. From a security perspective, the site enforces HTTPS, employs strong security headers, and avoids exposing sensitive data. However, it lacks publicly available incident response or vulnerability disclosure information, which could be improved to enhance trust. The absence of WHOIS registration data is a concern but does not detract significantly from the overall legitimacy given the professional presentation and trust signals. Overall, Boll & Branch presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include publishing security policies and incident response contacts and addressing the WHOIS data gap to improve transparency and trust.

B

Bloom & Wild

bloomandwild.com

71

Bloom & Wild is a prominent UK-based e-commerce company specializing in flower delivery services, including letterbox flowers, plants, and gifts. The company targets consumers seeking convenient and reliable floral gifting solutions, positioning itself as a leading online flower delivery brand in the UK market. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency, supporting a positive user experience and high trustworthiness. Technically, the website leverages modern web technologies such as Angular, integrates advanced monitoring tools like Datadog RUM, and employs A/B testing via Optimizely. It demonstrates good mobile optimization, accessibility, and SEO practices, contributing to fast performance and broad user reach. Privacy compliance is well addressed with comprehensive privacy and cookie policies, including consent mechanisms aligned with GDPR requirements. From a security perspective, the site enforces HTTPS, implements key security headers, and avoids exposing sensitive data. However, it lacks a dedicated security policy page, incident response contact details, and a vulnerability disclosure program, which are areas for improvement. The absence of WHOIS registration data slightly reduces trust but does not significantly impact the overall legitimacy given the professional site presentation and security posture. Overall, Bloom & Wild presents a secure, compliant, and user-friendly platform with minor gaps in transparency around security policies and domain registration. Strategic enhancements in these areas would further strengthen its risk profile and stakeholder confidence.

L

Lunchgate AG

lunchgate.ch

47

Lunchgate AG operates a Swiss-focused online platform for discovering restaurants, cafés, and bars, offering users the ability to search by location, cuisine, and make online reservations. The website is professionally designed, primarily in German, and targets a general audience interested in dining options within Switzerland. The platform integrates partner services such as Foratable for reservation management and uses a consent management platform to comply with privacy regulations. Technically, the site uses modern web technologies including AngularJS and JavaScript, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced and consent mechanisms in place, though security headers and explicit security policies are absent. WHOIS data confirms the legitimacy and consistency of the domain registration with the business profile. Overall, the site is trustworthy and well-positioned in the hospitality sector.

Bank CIC (Schweiz) AG is a Swiss banking institution serving entrepreneurs and private individuals with complex financial needs. The website presents a professional image with a clear focus on investment, financing, corporate finance, and private banking services. The bank positions itself as a trusted partner offering tailored financial solutions supported by Swiss tradition and corporate governance. The digital infrastructure is modern, leveraging Magnolia CMS and JavaScript frameworks, with a moderate performance profile and good mobile optimization. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and incident response policies are not publicly disclosed. Overall, the website reflects a credible and trustworthy financial institution with a strong market presence in Switzerland.

A

adbodmer AG

adbodmer.ch

52

adbodmer AG is a Swiss investment group specializing in providing private capital and strategic support to medium-sized companies with growth ambitions, primarily in the DACH region. With approximately 20 years of experience, the company positions itself as a supportive and future-oriented partner for entrepreneurial ventures. The website reflects a professional and consistent brand image, targeting medium-sized enterprises seeking growth capital and expertise. Technically, the website is built on the Neos CMS platform using the Flow PHP framework, leveraging modern web technologies including JavaScript and CSS. The site demonstrates good mobile optimization and SEO practices, with a moderate performance profile. Cookie consent mechanisms are implemented, ensuring compliance with privacy regulations. From a security perspective, the website enforces HTTPS and employs cookie consent for user privacy. However, it lacks visible security policies, incident response contacts, and advanced security headers, which could be improved to enhance trust and compliance. No vulnerabilities or suspicious elements were detected in the content or scripts. Overall, the website presents a low-risk profile with strong business credibility and privacy compliance. Strategic improvements in security transparency and incident response readiness are recommended to further strengthen the security posture and user trust.

B

BB Biotech AG

bbbiotech.ch

51

BB Biotech AG is a leading investment company specializing in the biotechnology sector, with over 30 years of experience and a strong market presence on the SIX Swiss Exchange and Frankfurt Stock Exchange. The company focuses on investing in listed biotech companies developing innovative drugs addressing unmet medical needs. The website reflects a mature digital infrastructure built on the Neos CMS and Flow PHP framework, employing modern JavaScript libraries and analytics tools to deliver a responsive and user-friendly experience. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though there is room for improvement in publishing explicit security policies and incident response contacts. Overall, the site demonstrates high professionalism, transparency, and compliance with privacy regulations, supporting BB Biotech's credibility as a trustworthy investment entity.

C

Crédit Mutuel Impact

creditmutuelimpact.fr

66

Crédit Mutuel Impact is a specialized asset management company operating under Crédit Mutuel Alliance Fédérale, focusing on sustainable and impact investments primarily in infrastructure and private equity sectors. The company targets investors interested in long-term environmental and societal impact, managing funds that support renewable energy, electric mobility, and decarbonization projects. The website reflects a professional and consistent brand image aligned with its parent company, offering clear information about its investment philosophy and regulatory compliance. Technically, the site uses modern web technologies including jQuery and YouTube API, with a responsive design and good accessibility features. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. The absence of WHOIS data is a minor concern but is offset by the strong brand presence and regulatory adherence. Overall, the site is trustworthy, well-structured, and compliant with privacy regulations.

C

Crédit Mutuel Asset Management

creditmutuel-am.eu

65

Crédit Mutuel Asset Management (CMAM) is a prominent asset management company operating primarily in France and Europe, offering a comprehensive range of investment funds focused on simplicity, transparency, performance, and risk management. The company emphasizes responsible and sustainable finance as part of its core business model. The website reflects a professional and consistent brand image aligned with its parent company, Crédit Mutuel. The target audience includes both professional and non-professional investors across multiple European countries. CMAM's market position is that of a significant player in the financial services sector, leveraging its parent group's reputation and resources. Technically, the website employs modern web technologies including jQuery and YouTube's widget API, with analytics powered by Piano Analytics. The site is served over HTTPS with cookie consent mechanisms that comply with GDPR requirements, offering users granular control over tracking preferences. While the site demonstrates good mobile optimization and SEO practices, accessibility compliance is partial, indicating room for improvement. No CMS or hosting provider details were explicitly identified. From a security perspective, the site benefits from HTTPS encryption and a cookie consent banner, alongside a published vulnerability disclosure policy, indicating a mature security posture. However, explicit security headers such as Content Security Policy or HSTS are not evident, and no direct incident response contacts are provided. The WHOIS data is privacy protected by EURid, which is common for European domains, and does not raise immediate concerns given the professional nature of the site and its alignment with a reputable financial institution. Overall, the security posture is solid but could be enhanced by adding more explicit security policies and headers.

N

Numberly

1000mercis.com

65

Numberly is a well-established marketing technology company based in France, founded in 2005 and operating as a subsidiary of 1000mercis. The company specializes in data-driven marketing solutions including people-based marketing, programmatic advertising, CRM, and big data analytics. Their website reflects a mature digital presence with professional design, clear navigation, and comprehensive content aimed at business clients seeking advanced marketing technology services. The technical infrastructure leverages modern JavaScript frameworks such as Vue.js and is hosted with reputable providers including OVH and AWS DNS services. Security posture is solid with HTTPS enforced and domain protections in place, though there is room for improvement in security headers and DNSSEC implementation. Privacy compliance is strong, with clear privacy and cookie policies and consent mechanisms aligned with GDPR requirements. Overall, the website and domain registration data indicate a trustworthy and credible business with a strong market position in the marketing technology sector.

The website abtatravelmoney.com is currently inaccessible beyond a Cloudflare Turnstile security challenge page, which blocks access to actual site content. This prevents extraction of business, contact, or policy information. The domain is relatively new, registered in 2022 via Easyspace Limited without privacy protection, indicating transparency but limited business history. The technical infrastructure leverages Cloudflare's security services, including WAF and Turnstile captcha, indicating a focus on protecting the site from automated abuse or attacks. However, the lack of accessible content and absence of privacy, cookie, or terms policies limit the ability to assess compliance and business credibility. Security posture is partially observable through the use of HTTPS and Cloudflare protection, but no security headers or best practices are visible due to content blocking. Overall, the site appears legitimate but immature and currently inaccessible for detailed analysis.

S

Slonik Events Canada

pgconf.dev

59

PGConf.dev 2026 is a specialized technology conference focused on PostgreSQL development and community growth, organized by Slonik Events Canada. The event is scheduled for May 19–22, 2026, at Simon Fraser University in Vancouver, Canada. The website serves as an informational portal for attendees, sponsors, and contributors, emphasizing community engagement and technical advancement in the PostgreSQL ecosystem. The target audience includes PostgreSQL users, developers, and community organizers. Technically, the website is built using modern web technologies including Svelte and SvelteKit, ensuring fast performance and good mobile optimization. The site structure is clear and professional, with SVG graphics and modular JavaScript loading. However, there is no evidence of a CMS or advanced hosting details. SEO and accessibility are basic but adequate for the site’s purpose. From a security perspective, the site uses HTTPS as indicated by the URL, but no explicit security headers were detected in the provided data. There are no visible forms or data collection points, reducing attack surface, but also no published privacy or cookie policies, which is a compliance gap. The WHOIS data shows privacy protection for the domain registrant, which is common and justified for event sites. No vulnerabilities or suspicious patterns were found. Overall, the website is a credible and professional platform for the PGConf.dev 2026 event but would benefit from enhanced privacy compliance, explicit security headers, and published policies to improve trust and regulatory adherence.

KKTIX is a well-established online event registration and ticketing platform primarily serving Taiwan and Hong Kong markets. Founded in 2013, it offers event organizers tools to create customized event pages, manage ticket sales, and streamline attendee registration with e-tickets. The platform also serves event seekers by providing event discovery and ticket management services. The website demonstrates a mature digital presence with a modern tech stack including React, Google Analytics, Facebook Pixel, Hotjar, and Microsoft Clarity, indicating a focus on user experience and data-driven insights. Security posture is solid with HTTPS enforcement and domain transfer protection, though DNSSEC is not enabled and some security headers could be improved. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism despite extensive tracking scripts. Overall, the site is professional, trustworthy, and well-positioned in the event ticketing industry.

H

HackMD

hackmd.io

75

HackMD is a collaborative Markdown editor platform founded in 2015 and based in Taiwan. It offers real-time document editing and sharing capabilities targeted at teams, developers, researchers, educators, and communities. The platform supports integrations such as GitHub and provides features like templates, book mode, and UML graph visualization, positioning itself as a versatile tool for knowledge sharing and collaboration. The business model is primarily freemium SaaS with paid tiers for teams and enterprises, serving a global user base including notable organizations like the Ethereum Foundation. Technically, HackMD employs modern web technologies including React and Next.js, hosted on AWS infrastructure. The website demonstrates excellent performance, mobile optimization, and SEO practices. Security is robust with HTTPS enforcement, CSRF protections, and domain transfer restrictions, although DNSSEC is not enabled. Privacy and terms policies are comprehensive and GDPR compliant, with active use of analytics tools such as Google Tag Manager and Plausible Analytics. Security posture is strong with no detected vulnerabilities or exposed sensitive data. However, explicit incident response contacts and vulnerability disclosure mechanisms are not publicly evident, representing an area for improvement. The WHOIS data is transparent and consistent with the business identity, supporting legitimacy and trustworthiness. Overall, HackMD presents a professional, secure, and user-friendly platform with a strong market position in collaborative documentation tools. Strategic recommendations include enabling DNSSEC, publishing explicit security headers, and establishing clear incident response and vulnerability disclosure channels to further enhance security and trust.

AnyBrowser.org is a personal and advocacy website managed by Cari D. Burstein, hosting multiple small sites including a campaign promoting accessible web design and various archived gaming and community sites. The website targets general internet users interested in accessible web design and niche gaming communities. The business model is primarily personal and hobbyist with no evident commercial intent. The domain is well-established, having been registered since 1997, which supports the site's long-term presence and credibility. Technically, the website uses basic HTML, CSS, and JavaScript technologies, including Google Analytics for visitor tracking. It is hosted by DreamHost, LLC, a reputable hosting provider. The site shows moderate performance and basic mobile optimization, with good accessibility features. However, it lacks modern security headers and DNSSEC, which could improve its security posture. From a security perspective, the site uses HTTPS (implied by the domain and hosting provider but not explicitly confirmed in the data), but no advanced security headers are present. There is no evidence of privacy or cookie policies, GDPR compliance, or vulnerability disclosure mechanisms. The use of Google Analytics without a cookie consent mechanism indicates limited privacy compliance. No critical vulnerabilities or suspicious patterns were detected. Overall, the website is safe for general audiences, with no adult or questionable content. The risk level is low, but improvements in privacy compliance, security headers, and DNS security are recommended to enhance trust and protection.

MySQL.com is the official website for MySQL, the world's most popular open source database, owned and operated by Oracle Corporation. The site offers comprehensive information about MySQL products including MySQL HeatWave, Enterprise Edition, OEM/ISV solutions, and Cluster CGE, targeting developers, enterprises, and OEM partners. The website is professionally designed with clear navigation, rich content, and strong branding consistent with Oracle's corporate identity. Technically, the site employs modern JavaScript libraries, Oracle Infinity analytics, and TrustArc consent management, hosted on Oracle infrastructure, ensuring good performance and mobile optimization. Security posture is strong with HTTPS enforced and cookie consent mechanisms, though explicit security policies and vulnerability disclosure pages are not found. WHOIS data is unavailable or inaccessible, which is unusual but likely due to domain management practices by Oracle. Overall, the site is trustworthy, professional, and compliant with privacy regulations, serving as a key resource for MySQL users and customers.

T

The PHP Group

php.net

68

The PHP.net website represents The PHP Group, the steward of the PHP programming language, a widely used open-source scripting language for web development. The site provides comprehensive resources including downloads, documentation, news, and community engagement. It serves a global developer audience and maintains a strong position as a leading technology resource in its domain. Technically, the website employs modern web technologies, including Matomo for privacy-conscious analytics, and delivers content with good performance and mobile optimization. Security-wise, the site enforces HTTPS and disables tracking cookies in analytics, reflecting a privacy-aware posture. However, it lacks some security headers and a cookie consent mechanism, which are recommended for enhanced protection and compliance. The absence of WHOIS data is noted but does not detract from the site's legitimacy given its recognized brand and active community presence. Overall, the site is professional, trustworthy, and well-maintained, with room for minor improvements in security and privacy disclosures.

B

Brevo

brevo.com

71

Brevo is a large technology company providing an all-in-one AI-enabled marketing platform that integrates email marketing, SMS, WhatsApp, CRM, and automation tools. It serves over 500,000 customers globally, positioning itself as a competitive player in the marketing automation and CRM SaaS market. The platform emphasizes multichannel communication and AI-driven features to enhance marketing efficiency and customer engagement. Technically, the website is built on modern web technologies including React with Next.js framework, and integrates multiple analytics and marketing tools such as Google Tag Manager, AB Tasty, and Albacross. The site is well-optimized for performance, mobile responsiveness, and SEO, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS and employs standard security headers, indicating a good security posture. However, the absence of publicly available WHOIS data and lack of explicit security policies or incident response information slightly reduce transparency and trust. No critical vulnerabilities or exposed sensitive data were detected. Overall, Brevo presents a professional and trustworthy online presence with strong business credibility and technical maturity. Strategic improvements in WHOIS transparency and security policy disclosures would further enhance trust and compliance.

S

Stack Exchange Inc.

stackoverflow.co

56

Stack Overflow, operated by Stack Exchange Inc., is a leading technology platform founded in 2008 that empowers developers and technologists worldwide to share knowledge and collaborate. The company offers a public Q&A platform, enterprise solutions such as Stack Overflow for Teams, advertising services, and data licensing for AI development. It holds a strong market position as the go-to resource for developer knowledge sharing and community engagement. The website reflects a mature digital infrastructure with modern technologies like Vue.js, Google Tag Manager, and OneTrust for privacy compliance, delivering excellent performance and user experience across devices. Security posture is robust with HTTPS enforcement and comprehensive security headers, although explicit security policy and incident response information are not publicly disclosed. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high professionalism, trustworthiness, and business credibility, supported by consistent WHOIS data and recognized industry partnerships.

I

Internet Archive

archive.org

63

Internet Archive is a well-established non-profit digital library founded in 1995, providing free universal access to a vast collection of texts, movies, music, and archived web pages through its Wayback Machine. It holds a leading position in the digital archive space, serving a general audience with a mission to preserve digital content for public access. The website's business model is donation-supported, as evidenced by the donation iframe embedded in the homepage. Technically, the website employs modern web technologies including JavaScript frameworks such as Lit and React, and uses web components for modular UI. The presence of Cloudflare secondary DNS servers suggests a robust DNS infrastructure, although DNSSEC is not enabled. The site is mobile optimized and SEO friendly, with Google site verification meta tags confirming ownership. Performance is moderate, with no critical technical debt observed in the snapshot. From a security perspective, the site uses HTTPS and domain status flags to protect domain integrity. However, no explicit security headers were detected in the HTML content, and DNSSEC is not enabled, representing areas for improvement. No vulnerabilities or exposed sensitive data were found. Privacy compliance is limited as no privacy or cookie policies were found in the provided content, which is a gap for GDPR and other regulations. Overall, the Internet Archive website is trustworthy, professional, and technically sound, with a strong business credibility score. Strategic recommendations include publishing clear privacy and cookie policies, enabling DNSSEC, and adding security headers to enhance security posture and compliance.

Amazon.ca is the Canadian regional e-commerce platform operated by Amazon.com, Inc. It serves Canadian consumers by providing a wide range of products through direct sales and third-party marketplace sellers. The website is a key part of Amazon's global retail presence and is positioned as a leading online retailer in Canada. The site uses Amazon's proprietary UI frameworks and scripts, hosted on Amazon's infrastructure, ensuring scalability and reliability. However, the current content is blocked behind a captcha challenge, limiting direct content access and analysis. Security measures such as captcha indicate a strong security posture to prevent automated abuse. Privacy and terms of service links are present and appear comprehensive, supporting compliance with regulations such as GDPR. The lack of publicly available WHOIS data is consistent with privacy protection practices for large enterprises. Overall, the site demonstrates a high level of business credibility but is currently inaccessible for full technical and content evaluation due to security controls.

G

Giant Rabbit LLC

giantrabbit.com

62

Giant Rabbit LLC is a specialized digital agency focused on developing and supporting websites and data systems for nonprofit organizations. Established in 2003, the company offers a comprehensive suite of services including strategy, design, development, CRM selection and data migration, fundraising analytics, Drupal upgrades, project rescues, managed hosting, support, maintenance, and security. Their market position is niche, targeting nonprofits with pragmatic and mission-focused digital solutions. The website reflects a professional and consistent brand with clear service offerings and contact information. Technically, the website is built on Drupal 10, leveraging modern JavaScript and integrates Google Analytics and Google Tag Manager for tracking. Hosting and DNS services are provided via Amazon AWS infrastructure. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. The absence of DNSSEC and security headers indicates room for improvement in security hardening. From a security perspective, the site uses HTTPS and domain registration protections but lacks published security policies, incident response information, and cookie consent mechanisms, which are important for GDPR compliance and user trust. No critical vulnerabilities or exposed sensitive data were detected. Overall, the security posture is moderate but could be enhanced with additional policies and technical controls. The overall risk assessment is low with recommendations to enable DNSSEC, implement cookie consent, publish security and incident response policies, and add security headers. These steps will improve compliance, user trust, and reduce potential attack surface.

R

Rakuten Viki

viki.com

62

Rakuten Viki is a well-established video streaming platform specializing in Asian dramas and movies, offering free and subscription-based content with English subtitles. It operates under the Rakuten brand, leveraging a strong market position in niche media streaming. The platform supports community contributions and interactive features such as Watch Parties, enhancing user engagement. Technically, the website is built on modern frameworks like Next.js and integrates multiple analytics and privacy management tools, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, nonce-based CSP, and privacy consent mechanisms, though explicit security policies and incident response contacts are not published. Overall, the site is professional, trustworthy, and compliant with privacy regulations, though WHOIS data is unavailable, likely due to privacy protection. Strategic recommendations include publishing security policies, vulnerability disclosure programs, and enhancing transparency on data protection roles.

F

Föreningen Kontakta

kontakta.se

49

Kontakta is a Swedish industry and interest organization dedicated to promoting ethical customer service and telephone sales practices. The organization provides membership services, guidelines, quality certifications, educational programs, and hosts an annual event to support companies in the customer service and telemarketing sectors. The website is professionally designed, targeting Swedish businesses and organizations involved in these industries. Technically, the site uses modern web technologies including Typekit fonts, Font Awesome icons, and Google Tag Manager for analytics. The site is mobile-optimized and includes a cookie consent mechanism, demonstrating awareness of privacy compliance. Security posture is moderate with HTTPS implied and no visible security headers, and no explicit security policies published. WHOIS data for the www subdomain is missing, but this does not impact the legitimacy of the main domain kontakta.se. Overall, the website presents a trustworthy and professional image suitable for its industry association role.

S

Spelinspektionen

spelinspektionen.se

59

Spelinspektionen is the Swedish government authority responsible for regulating and supervising gambling activities within Sweden. Their mission is to ensure that lotteries, casino games, and other gambling operations are conducted legally, safely, and reliably, while protecting consumer interests and mitigating social harms related to gambling. The website serves as a comprehensive portal for licensing, regulatory decisions, player information, and public communication. Technically, the site is built on a modern CMS platform (likely Episerver), hosted with OVH Cloud services, and integrates various third-party services such as YouTube, ReachMee, and Screen9 for video content and recruitment. Security posture is strong with HTTPS, Content-Security-Policy headers, and cookie consent mechanisms, although some additional security headers and incident response disclosures could improve the security maturity. The WHOIS data for the exact subdomain is unavailable, which is typical for government subdomains, but the website content and contact information strongly affirm its legitimacy. Overall, the site is professional, trustworthy, and well-optimized for accessibility and mobile use.

Vijesti is the largest and most read independent news portal in Montenegro, providing comprehensive coverage of local and international news, sports, entertainment, and opinion columns. The website targets a broad general audience primarily in Montenegro and the surrounding region. It operates on an advertising-based business model, leveraging multiple ad networks and analytics platforms to monetize content. The site demonstrates a mature digital presence with a professional design, clear navigation, and mobile optimization, supporting a large volume of diverse content.

S

Sambic AD

sambic.me

49

Sambic AD is a Montenegro-based real estate and hospitality company specializing in high-quality residential construction and property management. As a subsidiary of Savana AB, it benefits from a solid parent company backing and has a medium-sized workforce. The company has invested significantly in hotels and commercial properties, establishing a strong market presence in Montenegro. The website reflects a professional image with clear business information and contact details, targeting investors and clients in the real estate and hospitality sectors. Technically, the website uses modern web technologies including JavaScript libraries and Google reCAPTCHA for form security, but lacks some advanced security headers and privacy compliance features. The security posture is generally good with HTTPS enforced, but could be improved by adding security headers and formal privacy and cookie policies. Overall, the site is safe, trustworthy, and well-structured, though it would benefit from enhanced compliance and security best practices.

U

University of St.Gallen

hsg.ch

75

The University of St.Gallen is a prestigious Swiss educational institution specializing in management, economics, law, social sciences, international affairs, and computer science. The website serves a diverse audience including students, academics, and business partners, offering comprehensive information about academic programs and research activities. The university holds a strong market position as a leading Swiss university with international recognition. Technically, the website is built on the TYPO3 CMS platform, leveraging modern web technologies such as Bootstrap and jQuery. It integrates multiple third-party analytics and marketing tools, including Google Analytics, Crazy Egg, and various advertising pixels, all managed through a GDPR-compliant cookie consent mechanism. The site demonstrates good mobile optimization, accessibility, and SEO practices. From a security perspective, the website enforces HTTPS, employs standard security headers, and avoids exposing sensitive data. However, explicit security policies and incident response contacts are not published, representing an area for improvement. The domain registration data aligns well with the website's identity, reinforcing its legitimacy. Overall, the website is professional, secure, and compliant with privacy regulations, with minor recommendations to enhance transparency around security policies and vulnerability disclosures.

T

tfy-consult

tfy-consult.ch

53

tfy-consult is a Swiss consulting firm specializing in helping small and medium-sized enterprises (KMUs) in the energy sector maximize their operational and strategic potential. Their core offering includes a unique KMU-Checkup designed to optimize management efficiency, data-driven decision making, and communication. The company positions itself as a trusted advisor to hidden champions within the Swiss economy, focusing on overcoming common challenges faced by KMUs. Technically, the website is built on the Squarespace platform, leveraging modern web technologies and providing a responsive, professional user experience. Security is well implemented with HTTPS and HSTS, but the site lacks explicit privacy and cookie policies, which are critical for GDPR compliance. Overall, the site reflects a credible business with room for improvement in privacy compliance and contact transparency.

C

Canonical Ltd

microstack.run

73

Canonical Ltd operates the website canonical.com/openstack, offering enterprise-grade private cloud solutions based on OpenStack technology. The company is well-established with a domain age dating back to 1996 and a strong market presence evidenced by over 10 years in the market and 500+ clouds in production. Their business model focuses on providing open source cloud infrastructure software, consulting, and support services to enterprises seeking control, compliance, and flexibility in their cloud deployments. The website is professionally designed with clear navigation and comprehensive content targeting IT professionals and enterprises interested in private cloud and AI/ML workloads. Technically, the site uses modern web technologies including lazy loading scripts and optimized fonts, with good mobile responsiveness and accessibility. Security posture is solid with HTTPS usage and no exposed sensitive data, though explicit security headers and policies are not evident. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms. Overall, the website demonstrates high business credibility and trustworthiness but could improve transparency around privacy and security policies.

C

Canonical Ltd

mir-server.io

74

Canonical Ltd operates the website canonical.com/mir, promoting Mir, a fast, open, and secure display server designed for Linux-powered devices including desktops, IoT, and embedded products. The company holds a strong market position as a leading provider of Linux-based operating systems and infrastructure solutions, with a focus on enterprise and cloud markets. The website content is professionally crafted, targeting developers, device makers, and enterprises seeking modern graphical environments. Technically, the site employs modern web technologies, responsive design, and efficient performance, reflecting a mature digital infrastructure. Security posture is solid with HTTPS enforcement and domain registration protections, though improvements are recommended in DNSSEC adoption and security headers. Privacy compliance is currently weak due to the absence of explicit privacy and cookie policies. Overall, the website demonstrates high business credibility and trustworthiness, aligned with Canonical's established brand.

L

Linux Containers

linuxcontainers.org

48

linuxcontainers.org is an established open source umbrella project founded in 2013 that provides a suite of Linux container and virtualization tools including Incus, LXC, LXCFS, and Distrobuilder. The project targets developers, system administrators, and cloud infrastructure professionals seeking flexible, vendor-neutral container solutions. The website presents comprehensive information about active and deprecated projects, community resources, and documentation links, reflecting a mature and well-maintained ecosystem. Technically, the site uses modern web technologies such as HTML5, CSS3 with the Vanilla Framework, and JavaScript libraries like jQuery, delivering a responsive and accessible user experience. Security posture is moderate with HTTPS usage implied, but lacks DNSSEC and explicit security headers. Privacy and compliance documentation such as privacy policy and cookie consent are absent, indicating room for improvement in GDPR compliance. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the project.

E

ESB Marketing Netzwerk AG

sportforumschweiz.ch

47

SPORT.FORUM.SCHWEIZ is a leading sport business congress in Switzerland organized by ESB Marketing Netzwerk AG. It serves as a premier networking and knowledge-sharing platform for top decision-makers in the Swiss sport industry, including clubs, associations, media, sponsors, and tourism destinations. The website provides detailed event information, speaker profiles, partner collaborations, and expert articles, positioning itself as the largest sport business event in the country. The business model revolves around event organization, sponsorship, and industry networking.

N

N1

n1info.si

50

N1 Slovenija is a well-established independent news portal founded in 2014, serving the Slovenian-speaking audience with up-to-date news, in-depth stories, interviews, and analyses. It operates as part of a regional network with sister sites in Serbia, Croatia, and Bosnia and Herzegovina, and maintains a partnership with CNN, enhancing its credibility and content quality. The portal offers diverse content including sports, podcasts, video, and magazine sections, targeting a broad general audience interested in current affairs and media content. Technically, the website leverages modern web technologies such as Cloudflare CDN for performance and security, OneSignal for push notifications, Google Tag Manager for analytics, and OneTrust for cookie consent management. The CMS appears to be Wagtail, a modern Python-based CMS, supporting good content management practices. The site is mobile optimized with good SEO and accessibility basics, though some accessibility features could be enhanced. From a security perspective, the site enforces HTTPS and uses Cloudflare for protection. Cookie consent and privacy policies are implemented in compliance with GDPR. While explicit security headers are not fully confirmed, the overall posture is strong with no exposed sensitive data or vulnerabilities detected. No WAF or blocking mechanisms interfere with content access. Overall, N1 Slovenija presents a trustworthy, professional, and user-friendly news portal with solid technical infrastructure and compliance with privacy regulations. Strategic recommendations include enhancing security headers, improving accessibility, and continuous monitoring of third-party scripts to maintain security and compliance.

N

netzpolitik.org

netzpolitik.org

72

netzpolitik.org is a well-established German online media outlet focused on digital rights, privacy, surveillance, and technology policy. Founded in 2003, it operates as a non-profit journalism platform funded primarily through donations. The website offers news articles, investigative journalism, podcasts, and newsletters targeting a general audience interested in digital freedoms and policy. The site maintains a consistent and professional brand presence with active social media engagement across multiple platforms. Technically, the site is built on WordPress, hosted by Hetzner, and uses modern web technologies including jQuery and CSS3. It is mobile-optimized and accessible, with good SEO practices. Security-wise, the site enforces HTTPS and uses some security-related scripts but lacks DNSSEC and explicit security headers, and does not publish a security.txt or vulnerability disclosure policy. Privacy compliance is moderate due to the absence of explicit privacy and cookie policies in the provided content. Overall, the site is trustworthy, content-rich, and professionally managed, with minor areas for improvement in security and privacy transparency.

The website sourceforge.net is currently inaccessible due to a Cloudflare Turnstile security challenge page that blocks direct access to the actual content. SourceForge is a well-known software development platform with a long-established domain registered since 1999. The provided HTML content contains no business information, contact details, or policy documents, limiting the ability to perform a full security and compliance analysis. The technical infrastructure includes Cloudflare security services, but no further technology stack details or CMS information are available. Security posture cannot be fully assessed due to the blocked content, but the domain registration data indicates a legitimate and well-managed domain. Overall, the site is rated low in content quality and user experience due to inaccessibility, but the domain trustworthiness is high.

T

The PostgreSQL Global Development Group

postgresql.org

66

The PostgreSQL website represents the official online presence of The PostgreSQL Global Development Group, a large and well-established open source community focused on developing and maintaining one of the world's most advanced open source relational database systems. The site provides comprehensive resources including downloads, documentation, community engagement, and event information, targeting developers, database administrators, and organizations seeking robust database solutions. The business model centers on open source software development supported by a global community, with a strong market position as a leading database technology. Technically, the website employs modern web technologies such as Bootstrap, FontAwesome, and Google Analytics, ensuring a responsive and user-friendly experience. The site is well-structured with good SEO and accessibility practices, and it loads quickly. Security is robust with HTTPS enforced and secure form handling, although explicit security headers are not visible in the HTML content. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but lacks a visible cookie consent mechanism. From a security perspective, the site demonstrates good practices including encrypted connections and no exposed sensitive data. However, the absence of explicit security headers and incident response contact details are areas for improvement. The WHOIS data is unavailable due to a malformed query response, limiting domain registration insights, but the website's content and branding strongly support its legitimacy. Overall, the website is professional, trustworthy, and well-maintained, with minor areas for enhancement in privacy compliance and security transparency. The risk level is low, and the site effectively supports its community and business objectives.

P

Phorum

phorum.org

51

Phorum is an established open source PHP and MySQL forum software project founded in 1998. It targets webmasters and developers seeking flexible, high-performance forum solutions. The website provides downloads, documentation, community forums, and development resources via GitHub. The business model is centered on open source software distribution with a niche market position as one of the original PHP forum software providers. Technically, the site uses PHP, MySQL, JavaScript, and Google Analytics, hosted on A2 Hosting. The site design is basic but functional, with moderate SEO and accessibility. Security posture is moderate; domain registration is consistent and long-standing, but the site lacks DNSSEC, visible security headers, and privacy or cookie policies. Incident response contact is provided via a security email. Overall, the site is trustworthy but could improve privacy compliance and security best practices.

B

BSD Network

bsd.network

66

BSD Network operates a niche Mastodon instance focused on the *BSD community and adjacent users. The platform emphasizes a supportive, inclusive, and well-moderated social environment, currently operating in invite-only mode due to capacity constraints. The website provides clear information about its community goals, code of conduct, and administrative contacts, fostering trust and transparency within its user base. Technically, the site leverages Mastodon software with modern web technologies, including HTTPS and CSRF protections, ensuring a secure user experience. However, some security best practices such as explicit security headers and cookie consent mechanisms are absent, representing areas for improvement. Overall, the platform presents a trustworthy and community-oriented social network with a strong focus on privacy and moderation.

FreshSource is a specialized project focused on tracking source code changes, primarily for the FreeBSD operating system. It offers features such as watch lists and notifications for source tree changes, targeting developers and users interested in FreeBSD ports and source updates. The website is maintained by Dan Langille and includes affiliate marketing through Amazon Associates. The site content is technical and niche, serving a small but dedicated community.

N

NAVEX

navex.com

74

NAVEX is a well-established provider of governance, risk, and compliance (GRC) solutions, serving over 13,000 organizations globally. Their offerings include a comprehensive GRC platform (NAVEX One), whistleblowing and incident management software, ethics and compliance training, policy and procedure management, and risk governance services. The company targets enterprises and organizations seeking to streamline compliance and risk management processes. The website demonstrates a high level of professionalism, with clear navigation, rich content, and multiple engagement points such as demo request forms protected by reCAPTCHA. Technically, the site employs a modern technology stack including JavaScript frameworks, marketing automation tools like Marketo, analytics platforms such as Microsoft Clarity and Google Tag Manager, and consent management via TrustArc. The site is mobile-optimized, accessible, and SEO-friendly, contributing to a positive user experience. Security best practices are observed with HTTPS enforcement, security headers, and no visible sensitive data exposure. However, the WHOIS data for the domain www.navex.com is unavailable or missing, which is inconsistent with the active and professional website presence. This lack of domain registration transparency slightly impacts the overall trust assessment. No WAF or blocking mechanisms were detected, allowing full content access and analysis. Overall, NAVEX presents a strong market position in the GRC space with a secure and user-friendly digital presence. Addressing the WHOIS data gap and publishing explicit security and incident response policies would further enhance trust and compliance posture.

N

NAVEX

navexglobal.com

75

NAVEX is a leading provider of governance, risk, and compliance (GRC) solutions, serving over 13,000 organizations worldwide. Their offerings include a comprehensive GRC platform (NAVEX One), whistleblowing and incident management software, ethics and compliance training, policy and procedure management, and risk and governance tools. The company targets enterprises and organizations seeking to simplify compliance and manage risk effectively. NAVEX demonstrates a strong market position with extensive customer trust and a broad portfolio of integrated solutions. Technically, the website employs modern web technologies including React, Marketo forms, Google Tag Manager, Microsoft Clarity, and TrustArc for consent management. The site is well-optimized for mobile and accessibility, with good SEO practices and performance. The use of multiple analytics and marketing tools indicates a mature digital marketing strategy. From a security perspective, NAVEX enforces HTTPS, uses security headers, and integrates reCAPTCHA on forms to mitigate abuse. Consent management aligns with GDPR requirements, and no obvious vulnerabilities or exposed sensitive data were detected. However, the absence of WHOIS data for the domain is unusual and should be monitored, though it does not currently detract from the site's legitimacy. Overall, NAVEX presents a professional, trustworthy, and secure online presence consistent with its enterprise-grade compliance solutions. Strategic recommendations include enhancing transparency around domain registration, maintaining rigorous third-party script audits, and establishing a public vulnerability disclosure policy to further strengthen trust.

Carmignac is an independent asset management company targeting professional and private investors primarily in Switzerland and Europe. The company offers a broad range of investment funds including equity, fixed income, diversified, alternative, and private asset strategies. The website is professionally designed with comprehensive content, clear navigation, and a focus on investment insights and sustainable investment. Technically, the site uses modern web technologies such as Next.js and React, with Google Tag Manager for analytics and marketing. Security posture is good with HTTPS enforced and cookie consent implemented, though explicit security headers and incident response information are lacking. The WHOIS data for the domain is missing, which raises some concerns about domain registration transparency but does not detract from the professional presentation of the site. Overall, the website is trustworthy and well-suited for its target audience.

L

La Française

la-francaise.com

74

La Française is a large, professional asset management group based in France, offering a broad range of investment solutions including equity, fixed income, diversified, alternative, and real estate management. The company operates multiple subsidiaries and is part of the Crédit Mutuel Alliance Fédérale asset management division. The website reflects a mature digital presence with comprehensive content, structured data, and clear navigation targeting institutional investors, distributors, and individual clients. Technically, the site uses modern web technologies and provides a responsive experience, though accessibility compliance is basic. Security posture is good with HTTPS and cookie consent mechanisms, but lacks explicit security headers and detailed incident response contacts. Privacy compliance is strong with clear policies and GDPR adherence. Overall, the site is trustworthy and professional, though the absence of WHOIS data slightly reduces domain trustworthiness.

T

Tolomeo Capital AG

tolomeo-capital.com

59

Tolomeo Capital AG is a Swiss-based systematic asset management firm specializing in quantitative, technology-driven investing strategies. Founded in 2011, the company manages its own fund with a fully audited track record since 2012 and holds a license from the Swiss Financial Market Supervisory Authority (FINMA). Positioned uniquely between high-frequency and long-term asset managers, Tolomeo leverages scientific and technological expertise to deliver market-neutral, uncorrelated returns to professional and institutional investors. Their offerings include proprietary funds, systematic investment strategies, advisory services, and risk management tools.

Z

Zurich Invest Ltd

zurichinvest.ch

52

Zurich Invest Ltd is a Swiss-based financial services company specializing in investment opportunities for pension funds, institutional investors, and private customers. The website presents a professional and consistent brand image, targeting a medium-sized market segment within the finance industry. The company offers a range of investment services tailored to institutional and private clients, positioning itself as a reputable player in the Swiss financial market. Technically, the website leverages modern technologies including JavaScript, CSS, Azure Application Insights for analytics, and Tealium for tag management. Hosting appears to be on Microsoft Azure, indicating a robust infrastructure. The site is mobile-optimized with good SEO practices, although accessibility features are basic. From a security perspective, the site uses HTTPS with strong SSL configuration and sets secure cookies for tracking scripts. However, it lacks explicit security headers and visible security policies such as privacy or cookie policies. No vulnerability disclosure or incident response information is provided, which could be improved to enhance trust and compliance. Overall, the website is safe, professional, and trustworthy with moderate technical maturity. The absence of explicit privacy and cookie policies and contact information slightly reduces privacy compliance and user trust. Strategic improvements in these areas would strengthen the security posture and regulatory adherence.

F

FINANZ

finanz-ch.ch

65

FINANZ is a leading B2B event organizer in the Swiss financial industry, hosting a major congress featuring around 100 expert lectures, panels, and roundtables on current financial topics. The event provides a platform for professional networking and knowledge exchange in an exclusive atmosphere. The website is built on the Wix platform, leveraging Wix Thunderbolt technology, and presents a professional and consistent brand image. Technical infrastructure is modern and supports mobile optimization, though SEO and accessibility could be improved. Security posture is adequate with HTTPS and some security best practices, but lacks explicit security policies and incident response information. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy and legitimate, with room for improvement in privacy and security transparency.

C

Candriam

candriam.com

54

Candriam is a professional asset management firm offering investment solutions, funds, and market insights primarily targeting professional investors globally. The website is well-structured, multilingual, and designed to provide detailed regulatory and investor information. Technically, the site employs modern analytics tools such as Piwik PRO, Google Tag Manager, Microsoft Application Insights, and Optimizely, alongside a consent management platform (Usercentrics) and reCAPTCHA for security on login and registration forms. The security posture is strong with HTTPS enforced and secure form handling, though explicit security headers could not be fully verified from the provided data. The absence of WHOIS data for the domain is notable but may be due to privacy or registry policies. Overall, the site demonstrates a mature digital presence with good compliance and security practices.

L

LOUIS INTERNET

louis.info

71

LOUIS INTERNET is a German digital agency specializing in TYPO3-based corporate websites and online shops, with over 20 years of experience and a client base exceeding 140 customers. The company offers comprehensive digital solutions including web development, e-commerce, SEO, and SEA services, targeting businesses seeking tailored digital experiences. Their website reflects a professional and modern digital presence, emphasizing strategic, technological, and creative expertise. Technically, the site is built on TYPO3 CMS, employs modern JavaScript and CSS, and integrates advanced analytics tools such as Google Analytics 4, Matomo, and Microsoft Clarity, demonstrating a mature digital infrastructure. Security-wise, the website enforces HTTPS, implements cookie consent mechanisms, and avoids exposing sensitive data, though it lacks some advanced security headers and published security policies. Overall, the site is trustworthy, compliant with GDPR, and professionally maintained, with room for improvement in explicit security disclosures and header configurations.

A

AllSecure

allsecure.rs

57

AllSecure is a Serbian-based company specializing in secure internet payment solutions, offering services primarily to businesses requiring reliable online payment processing. The website is built on a modern WordPress platform using Elementor and Yoast SEO, indicating a moderate level of digital maturity. The technical infrastructure includes Google Tag Manager for analytics and tracking, and the site is served over HTTPS with a domain registered since 2008, reflecting stability and legitimacy. However, the absence of explicit privacy and cookie policies, as well as contact information, limits the site's compliance and user trust. Security posture is adequate with HTTPS enabled but lacks advanced security headers and incident response disclosures. Overall, the site presents a professional business front but would benefit from enhanced privacy compliance and security transparency.

A

AITO Ukraine

aitoukraine.org

53

AITO Ukraine is a small non-profit organization based in Kyiv, Ukraine, focused on community engagement and information dissemination. The website is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies such as HTML5, CSS3, and JavaScript. The site presents basic content with consistent branding and moderate technical maturity. Security posture is adequate with HTTPS enabled and some script-based security hardening, but lacks important security headers and formal privacy or cookie policies. WHOIS data is unavailable or malformed, limiting domain trust verification. Overall, the website is functional and safe but requires improvements in privacy compliance and contact transparency to enhance trust and security.